You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@flink.apache.org by "Eron Wright (JIRA)" <ji...@apache.org> on 2016/12/19 00:50:58 UTC

[jira] [Created] (FLINK-5364) Rework JAAS configuration to support user-supplied entries

Eron Wright  created FLINK-5364:
-----------------------------------

             Summary: Rework JAAS configuration to support user-supplied entries
                 Key: FLINK-5364
                 URL: https://issues.apache.org/jira/browse/FLINK-5364
             Project: Flink
          Issue Type: Bug
          Components: Cluster Management
            Reporter: Eron Wright 
            Assignee: Eron Wright 
            Priority: Critical


Recent issues (see linked) have brought to light a critical deficiency in the handling of JAAS configuration.   

1. the MapR distribution relies on an explicit JAAS conf, rather than in-memory conf used by stock Hadoop.
2. the ZK/Kafka/Hadoop security configuration is supposed to be independent (one can enable each element separately) but isn't.

Perhaps we should rework the JAAS conf code to merge any user-supplied configuration with our defaults, rather than using an all-or-nothing approach.   

We should also address some recent regressions:
1. The HadoopSecurityContext should be installed regardless of auth mode.  For example, verify the use of HADOOP_USER_NAME in 'SIMPLE' auth mode.
2. Fix the use of alternative authentication methods - delegation tokens and Kerberos ticket cache.






--
This message was sent by Atlassian JIRA
(v6.3.4#6332)